• Status: Solved
  • Priority: Medium
  • Security: Public

Remote access problems

I am trying to set up remote access to my SBS 2003 network through a VPN.
I have run the wizard and completed the steps necessary. I had my ISP create a DNS address record for the VPN server. However, I cannot seem to get it to work.

I think I have found the problem. I presume the issue is that the internet connection to my server comes in through a router. The router therefore takes the WAN IP address from the ISP and the server has an IP from the range given by the router. Therefore the DNS address record set up by the ISP is currently pointing to the router.

Firstly, am I right in what I am thinking? Secondly, is there a way round this? Can my server have a WAN IP address also?

Can anyone make a suggestion?

Thanks.
Asked by: Brandon2k1

Brandon2k1 (Author) commented:
I have opened all of the relevant ports on the router. But I still cannot connect to the site over the internet. Any ideas why this is?

Olaf De Ceuster commented:
Please post ipconfig /all of server.
If using VPN: do you have GRE protocol of PPTP pass through enabled?
Does it work within network?
Olaf
 
Brandon2k1 (Author) commented:
Below is the ipconfig of the server:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER1
   Primary Dns Suffix  . . . . . . . : grandcentral.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : grandcentral.local

Ethernet adapter Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDI
 VBD Client)
   Physical Address. . . . . . . . . : 00-19-B9-EB-DB-60
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDI
 VBD Client) #2
   Physical Address. . . . . . . . . : 00-19-B9-EB-DB-62
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2

It doesn't work within the network either.

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Your TCP/IP info is perfect... the real question is what do you mean exactly by "However i cannot seem to get it to work"?

The ONLY way someone can help you with a problem in a forum such as this is if you provide the EXACT error message you are receiving.  

Now, the article that KCTS pointed you to did not provide one bit of information you need regarding the correct port to have open for an SBS VPN, so please disregard that.

You DO need to have port 1723 open on your router, pointing to your SBS's IP of 192.168.2.2.  Don't worry about the WAN thing as you were thinking... your router is providing NAT (Network Address Translation) which solves the issue you thought was the problem.  This basically passes along traffic from the WAN IP to 192.168.2.2, and then the SBS will again NAT that over to 192.168.16.2.

You also need to have GRE Protocol 47 enabled on the router, this is usually called PPTP Passthrough or VPN Passthrough on most routers.  If the error you get while trying to connect is ERROR 721, then this would generally indicate that GRE 47 has not been enabled, or the router may not be capable of handling it.  (always make sure your router has the latest firmware installed).

Jeff
TechSoEasy

Brandon2k1 (Author) commented:
Thanks for that. However, I do not receive any error message. I have set up everything on the server. I have got my ISP to set up a DNS address record for the VPN and for my web server. When I go to a client computer, be it one attached to the LAN or a laptop just attached to the internet, I cannot connect. I just get "the page cannot be displayed" in Internet Explorer. Not sure where I am going wrong.

Brandon2k1 (Author) commented:
I also can't ping the web address or the IP provided by the ISP from any computer other than the server. If I try from a machine on the LAN I get "general failure" as the result, and if I try from a computer on the internet I get "destination net unreachable". Does this help?

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
"i go to a client computer be it one attached to the LAN or a laptop just attached to the internet i cannot connect. "

Do you mean just connecting to the Internet?  Or are you trying to make a VPN connection?  

Jeff
TechSoEasy

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
How about providing an IPCONFIG /ALL from a workstation?

Jeff
TechSoEasy

Brandon2k1 (Author) commented:
Sorry, I am not being overly clear. On completing the Remote Access Wizard, it tells me I need to set up the client computers to connect over the VPN.

"Remote client computers not currently connected to the local network can download Connection Manager from the Remote Web Workplace Web site at https://web.grandcentralrail.com/remote."

However, when I try to connect to this site it won't let me; it just says Internet Explorer cannot display this web page.

Any ideas why I can't connect to it? I am thinking I should try the other option and go with the RWW.

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Okay... if you cannot connect to https://web.grandcentralrail.com/remote, you can't go with RWW, because that IS RWW.

Now it's telling you this because you entered web.grandcentralrail.com in the wizard as the FQDN of your SBS (and you probably also entered this FQDN in the Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet" on the To-Do list in the Server Management Console)). But you haven't told the Internet about this yet. You need to configure a HOST A record in GrandCentralRail.com's public DNS zone file. This will most likely be done at TimeWarp.co.uk (your hosting provider).

But let me ask why you are wanting to use VPN anyhow? Because it is generally best for connecting users' laptops when they take those machines out of the office. RWW would be used for those who have desktops in the office so they can connect to their computer remotely.

Jeff
TechSoEasy

Brandon2k1 (Author) commented:
Sorry, I am being really thick here and not getting my head round it.

You are correct. RWW is a much more suitable solution. Is RWW automatically set up when you set up your web server?

I thought I had to run the Remote Access Wizard and the only option I had in there was VPN.
I contacted my ISP and they set up a DNS address record attached to the WAN IP address. Does this mean they just haven't made it public?

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
RWW is set up when you run the CEICW.  See http://sbsurl.com/ceicw for the how-to and http://sbsurl.com/rww for details on RWW.

"I contacted my ISP and they setup a DNS address record attached to the WAN ip address. Does this mean they just haven't made it public?"

"Making it public" is not something that needs to be done (nor is it a procedure that even exists). It's possible they haven't created the record yet, but you can test RWW internally by going to http://SERVER1/remote and externally by going to https://WANIPAddress/remote. Externally, you'll get a warning message in IE, but that's just telling you that you haven't yet chosen to trust the company you are connecting to. Since that's your company you should obviously trust it. If you are connecting from a computer that you would regularly connect from, then you can avoid seeing this error in the future by viewing the SSL Certificate and then clicking on its INSTALL button to install it.

In order to connect to RWW's web page though, you need to have port 443 open, and port 4125 as well to connect to LAN desktops.

A summary of ports that should be open on your router:

25 - SMTP
443 - HTTPS (for RWW and OWA)
444 - SharePoint
1723 - PPTP VPN
3389 - RDP for remote administration
4125 - Remote Web Workplace

Jeff
TechSoEasy
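
The two checks this thread keeps coming back to (does the public name resolve to the WAN IP, and does each forwarded TCP port answer), as an added example that is not part of the original posts. It is meant to be run from a machine outside the LAN against your own server; the script name and its two arguments are assumptions, and it cannot test GRE (protocol 47), so an open 1723 alone does not prove the PPTP VPN will connect.

```python
import socket
import sys

# Ports from the summary above. GRE (IP protocol 47) is not a TCP port, so an
# "open" 1723 does not prove PPTP passthrough works; that needs a real VPN dial.
SBS_PORTS = {25: "SMTP", 443: "HTTPS (RWW and OWA)", 444: "SharePoint",
             1723: "PPTP VPN", 3389: "RDP", 4125: "Remote Web Workplace"}


def check_dns(hostname, expected_wan_ip):
    """Return None if hostname has an A record equal to the WAN IP, else a finding."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return "DNS: no A record found for %s" % hostname
    addrs = sorted({info[4][0] for info in infos})
    if expected_wan_ip not in addrs:
        return "DNS: %s resolves to %s, not %s" % (hostname, addrs, expected_wan_ip)
    return None


def tcp_state(host, port, timeout=3.0):
    """Classify one TCP connect: 'open', 'refused' (RST came back) or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, host unreachable or network unreachable
        return "no-response"


def diagnose(hostname, wan_ip, ports=SBS_PORTS, timeout=3.0):
    """Test by WAN IP so a DNS fault and a port-forward fault are reported separately."""
    findings = []
    dns = check_dns(hostname, wan_ip)
    if dns:
        findings.append(dns)
    for port, name in sorted(ports.items()):
        state = tcp_state(wan_ip, port, timeout)
        if state != "open":
            findings.append("TCP %d (%s): %s" % (port, name, state))
    return findings


if __name__ == "__main__":
    # Assumed usage: python check_forwards.py <public-hostname> <wan-ip>
    for line in diagnose(sys.argv[1], sys.argv[2]) or ["DNS and all TCP ports OK"]:
        print(line)
```

A "refused" result means something answered but nothing is listening on that port, while "no-response" means the packet was dropped or never routed, which is what an unforwarded port usually looks like from outside.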

Brandon2k1 (Author) commented:
Thanks for that. I have already opened all these ports but still I cannot connect. When I ping it I just get "Destination host unreachable". Any ideas?

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Did you try to connect internally as I had suggested?  Did you try using the WAN IP Address to connect as I had suggested?

Please advise.

Jeff
TechSoEasy

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Let me also clarify that I AM able to connect to https://web.grandcentralrail.com/remote.

Using IE7, I first get this screen:
https://filedb.experts-exchange.com/incoming/ee-stuff/4958-RWW_SSL_warning.jpg

And then when I click the CONTINUE TO SITE (not recommended), I get this screen.
https://filedb.experts-exchange.com/incoming/ee-stuff/4959-RWW_2.jpg

I explained the SSL Certificate error issue to you above.  Please review that for more details.

Jeff
TechSoEasy

Brandon2k1 (Author) commented:
Thanks for all the help. I sorted it today. I just reset the router, opened all the ports again and it worked. Pain in the arse, I tell you that much. Cheers.